agent-messenger 2.1.0 → 2.2.0

package/src/platforms/webex/client.ts

@@ -13,6 +13,8 @@ interface RateLimitBucket {
 
 export class WebexClient {
   private token: string | null = null
+  private deviceUrl: string | null = null
+  private tokenType: string | null = null
   private buckets: Map<string, RateLimitBucket> = new Map()
   private globalRateLimitUntil: number = 0
 
@@ -36,6 +38,8 @@ export class WebexClient {
         'no_credentials',
       )
     }
+    this.deviceUrl = config?.deviceUrl ?? null
+    this.tokenType = config?.tokenType ?? null
     return this.login({ token })
   }
 
@@ -175,22 +179,128 @@ export class WebexClient {
     text: string,
     options?: { markdown?: boolean },
   ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      return this.sendMessageInternal(roomId, text, options)
+    }
     const body = options?.markdown ? { roomId, markdown: text } : { roomId, text }
     return this.request<WebexMessage>('POST', '/messages', body)
   }
 
+  private get useInternalAPI(): boolean {
+    return this.tokenType === 'extracted' && this.deviceUrl !== null
+  }
+
+  private get convBaseUrl(): string {
+    const match = this.deviceUrl?.match(/wdm(-[a-z0-9]+)\.wbx2\.com/)
+    return `https://conv${match?.[1] ?? ''}.wbx2.com/conversation/api/v1`
+  }
+
+  private get internalHeaders(): Record<string, string> {
+    return {
+      Authorization: `Bearer ${this.ensureAuth()}`,
+      'Content-Type': 'application/json',
+      'cisco-device-url': this.deviceUrl!,
+    }
+  }
+
+  private decodeConvUuid(roomId: string): string {
+    return Buffer.from(roomId, 'base64').toString('utf8').split('/').pop() ?? roomId
+  }
+
+  private async internalRequest<T>(path: string, init?: RequestInit): Promise<T> {
+    const response = await fetch(`${this.convBaseUrl}${path}`, {
+      ...init,
+      headers: { ...this.internalHeaders, ...init?.headers as Record<string, string> },
+    })
+
+    if (!response.ok) {
+      const errorBody = (await response.json().catch(() => null)) as { message?: string } | null
+      throw new WebexError(
+        errorBody?.message ?? `HTTP ${response.status}`,
+        `http_${response.status}`,
+      )
+    }
+
+    if (response.status === 204) return undefined as T
+    return response.json() as Promise<T>
+  }
+
+  private activityToMessage(a: InternalActivity, roomId: string): WebexMessage {
+    return {
+      id: a.id,
+      roomId,
+      roomType: 'group' as const,
+      text: a.object?.content ?? a.object?.displayName,
+      personId: a.actor?.entryUUID ?? a.actor?.id ?? '',
+      personEmail: a.actor?.emailAddress ?? '',
+      created: a.published,
+    }
+  }
+
+  private async sendMessageInternal(
+    roomId: string,
+    text: string,
+    options?: { markdown?: boolean },
+  ): Promise<WebexMessage> {
+    const convUuid = this.decodeConvUuid(roomId)
+    const object = options?.markdown
+      ? { objectType: 'comment', displayName: text, content: text, markdown: text }
+      : { objectType: 'comment', displayName: text, content: text }
+    const result = await this.internalRequest<InternalActivity>('/activities', {
+      method: 'POST',
+      body: JSON.stringify({
+        verb: 'post',
+        object,
+        target: { id: convUuid, objectType: 'conversation' },
+        clientTempId: `tmp-${Date.now()}`,
+      }),
+    })
+    return this.activityToMessage(result, roomId)
+  }
+
   async sendDirectMessage(
     personEmail: string,
     text: string,
     options?: { markdown?: boolean },
   ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const roomId = await this.findDirectRoomByEmail(personEmail)
+      if (!roomId) {
+        throw new WebexError(`No existing direct conversation with ${personEmail}`, 'not_found')
+      }
+      return this.sendMessageInternal(roomId, text, options)
+    }
     const body = options?.markdown
       ? { toPersonEmail: personEmail, markdown: text }
       : { toPersonEmail: personEmail, text }
     return this.request<WebexMessage>('POST', '/messages', body)
   }
 
+  private async findDirectRoomByEmail(email: string): Promise<string | null> {
+    const rooms = await this.request<{ items: WebexSpace[] }>('GET', `/rooms?type=direct&max=100`)
+    for (const room of rooms.items) {
+      const members = await this.request<{ items: WebexMembership[] }>(
+        'GET',
+        `/memberships?roomId=${room.id}&max=10`,
+      )
+      if (members.items.some((m) => m.personEmail === email)) {
+        return room.id
+      }
+    }
+    return null
+  }
+
   async listMessages(roomId: string, options?: { max?: number }): Promise<WebexMessage[]> {
+    if (this.useInternalAPI) {
+      const convUuid = this.decodeConvUuid(roomId)
+      const max = options?.max ?? 50
+      const conv = await this.internalRequest<InternalConversation>(
+        `/conversations/${convUuid}?activitiesLimit=${max}&participantsLimit=0`,
+      )
+      return (conv.activities?.items ?? [])
+        .filter((a) => a.verb === 'post')
+        .map((a) => this.activityToMessage(a, roomId))
+    }
     const params = new URLSearchParams()
     params.set('roomId', roomId)
     params.set('max', String(options?.max ?? 50))
@@ -199,10 +309,30 @@ export class WebexClient {
   }
 
   async getMessage(messageId: string): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const activity = await this.internalRequest<InternalActivity>(`/activities/${messageId}`)
+      const convId = activity.target?.id ?? ''
+      const roomId = convId ? Buffer.from(`ciscospark://urn:TEAM:unknown/ROOM/${convId}`).toString('base64') : ''
+      return this.activityToMessage(activity, roomId)
+    }
     return this.request<WebexMessage>('GET', `/messages/${messageId}`)
   }
 
   async deleteMessage(messageId: string): Promise<void> {
+    if (this.useInternalAPI) {
+      const activity = await this.internalRequest<InternalActivity>(`/activities/${messageId}`)
+      const convId = activity.target?.id
+      if (!convId) throw new WebexError('Cannot determine conversation for activity', 'internal_error')
+      await this.internalRequest<unknown>('/activities', {
+        method: 'POST',
+        body: JSON.stringify({
+          verb: 'delete',
+          object: { id: messageId, objectType: 'activity' },
+          target: { id: convId, objectType: 'conversation' },
+        }),
+      })
+      return
+    }
     return this.request<void>('DELETE', `/messages/${messageId}`)
   }
 
@@ -212,6 +342,20 @@ export class WebexClient {
     text: string,
     options?: { markdown?: boolean },
   ): Promise<WebexMessage> {
+    if (this.useInternalAPI) {
+      const convUuid = this.decodeConvUuid(roomId)
+      const result = await this.internalRequest<InternalActivity>('/activities', {
+        method: 'POST',
+        body: JSON.stringify({
+          verb: 'post',
+          object: { objectType: 'comment', displayName: text, content: text },
+          target: { id: convUuid, objectType: 'conversation' },
+          parent: { id: messageId, type: 'edit' },
+          clientTempId: `tmp-${Date.now()}`,
+        }),
+      })
+      return this.activityToMessage(result, roomId)
+    }
     const body = options?.markdown ? { roomId, markdown: text } : { roomId, text }
     return this.request<WebexMessage>('PUT', `/messages/${messageId}`, body)
   }
@@ -245,3 +389,17 @@ export class WebexClient {
     return data.items
   }
 }
+
+interface InternalActivity {
+  id: string
+  verb: string
+  actor?: { displayName?: string; emailAddress?: string; entryUUID?: string; id?: string }
+  object?: { content?: string; displayName?: string; objectType?: string }
+  target?: { id: string }
+  published: string
+}
+
+interface InternalConversation {
+  id: string
+  activities?: { items: InternalActivity[] }
+}

package/src/platforms/webex/commands/auth.ts

@@ -2,10 +2,12 @@ import { Command } from 'commander'
 
 import { handleError } from '@/shared/utils/error-handler'
 import { formatOutput } from '@/shared/utils/output'
+import { info, debug } from '@/shared/utils/stderr'
 
 import { getWebexAppCredentials } from '../app-config'
 import { WebexClient } from '../client'
 import { WebexCredentialManager } from '../credential-manager'
+import { WebexTokenExtractor } from '../token-extractor'
 
 interface ResolvedCredentials {
   clientId: string
@@ -68,11 +70,11 @@ export async function loginAction(options: { token?: string; clientId?: string;
 
     const device = await credManager.requestDeviceCode(clientId)
 
-    console.error(`Open this URL and enter the code: ${device.verificationUri}`)
-    console.error(`Code: ${device.userCode}`)
-    console.error('')
+    info(`Open this URL and enter the code: ${device.verificationUri}`)
+    info(`Code: ${device.userCode}`)
+    info('')
     await openBrowser(device.verificationUriComplete)
-    console.error('Waiting for authorization...')
+    info('Waiting for authorization...')
 
     const config = await credManager.pollDeviceToken(
       device.deviceCode,
@@ -135,6 +137,60 @@ export async function statusAction(options: { pretty?: boolean }): Promise<void>
   }
 }
 
+export async function extractAction(options: { pretty?: boolean; debug?: boolean }): Promise<void> {
+  try {
+    const extractor = new WebexTokenExtractor(
+      undefined,
+      options.debug ? (msg) => debug(`[debug] ${msg}`) : undefined,
+    )
+
+    if (options.debug) {
+      debug('[debug] Searching browser profiles for Webex tokens...')
+    }
+
+    const extracted = await extractor.extract()
+
+    if (!extracted) {
+      console.log(
+        formatOutput(
+          {
+            error: 'No Webex token found in any browser. Make sure you are logged in to web.webex.com in Chrome, Edge, Arc, or Brave.',
+            hint: 'Run "auth login" for OAuth Device Grant flow, or --debug for more info.',
+          },
+          options.pretty,
+        ),
+      )
+      process.exit(1)
+      return
+    }
+
+    const client = await new WebexClient().login({ token: extracted.accessToken })
+    const person = await client.testAuth()
+
+    const credManager = new WebexCredentialManager()
+    await credManager.saveConfig({
+      accessToken: extracted.accessToken,
+      refreshToken: extracted.refreshToken ?? '',
+      expiresAt: extracted.expiresAt ?? 0,
+      tokenType: 'extracted',
+      deviceUrl: extracted.deviceUrl,
+    })
+
+    console.log(
+      formatOutput(
+        {
+          user: { id: person.id, displayName: person.displayName, emails: person.emails },
+          authenticated: true,
+          tokenType: 'extracted',
+        },
+        options.pretty,
+      ),
+    )
+  } catch (error) {
+    handleError(error as Error)
+  }
+}
+
 export async function logoutAction(options: { pretty?: boolean }): Promise<void> {
   try {
     const credManager = new WebexCredentialManager()
@@ -166,6 +222,13 @@ export const authCommand = new Command('auth')
       .option('--pretty', 'Pretty print JSON output')
       .action(loginAction),
   )
+  .addCommand(
+    new Command('extract')
+      .description('Extract Webex token from browser (Chrome, Edge, Arc, Brave)')
+      .option('--pretty', 'Pretty print JSON output')
+      .option('--debug', 'Show debug output')
+      .action(extractAction),
+  )
   .addCommand(
     new Command('status')
       .description('Show authentication status')

package/src/platforms/webex/commands/member.test.ts

@@ -8,6 +8,8 @@ describe('member commands', () => {
   let consoleSpy: ReturnType<typeof spyOn>
   let consoleErrorSpy: ReturnType<typeof spyOn>
   let processExitSpy: ReturnType<typeof spyOn>
+  let stderrOutput: string
+  let origStderrWrite: typeof process.stderr.write
   const mockMembers = [
     {
       id: 'mem-1',
@@ -35,11 +37,18 @@ describe('member commands', () => {
     processExitSpy = spyOn(process, 'exit').mockImplementation((_code?: number) => {
       throw new Error(`process.exit(${_code})`)
     })
+    stderrOutput = ''
+    origStderrWrite = process.stderr.write
+    process.stderr.write = ((chunk: string | Uint8Array) => {
+      stderrOutput += typeof chunk === 'string' ? chunk : new TextDecoder().decode(chunk)
+      return true
+    }) as typeof process.stderr.write
     spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient() as any)
     spyOn(WebexClient.prototype, 'listMemberships').mockResolvedValue(mockMembers)
   })
 
   afterEach(() => {
+    process.stderr.write = origStderrWrite
     mock.restore()
   })
 
@@ -90,7 +99,7 @@ describe('member commands', () => {
 
     await expect(listAction('room-1', {})).rejects.toThrow('process.exit(1)')
 
-    expect(consoleErrorSpy).toHaveBeenCalledWith(expect.stringContaining('No Webex credentials found'))
+    expect(stderrOutput).toContain('No Webex credentials found')
   })
 
   test('listAction handles API error', async () => {

package/src/platforms/webex/commands/message.test.ts

@@ -97,8 +97,13 @@ test('send: with --markdown passes markdown option', async () => {
 
 test('send: not authenticated shows error', async () => {
   clientLoginSpy.mockRejectedValue(new WebexError('No Webex credentials found.', 'no_credentials'))
-  const errorSpy = mock((_msg: string) => {})
-  console.error = errorSpy
+
+  let stderrOutput = ''
+  const origWrite = process.stderr.write
+  process.stderr.write = ((chunk: string | Uint8Array) => {
+    stderrOutput += typeof chunk === 'string' ? chunk : new TextDecoder().decode(chunk)
+    return true
+  }) as typeof process.stderr.write
 
   const originalExit = process.exit
   process.exit = mock((_code?: number) => {
@@ -110,11 +115,10 @@ test('send: not authenticated shows error', async () => {
   } catch {
   } finally {
     process.exit = originalExit
+    process.stderr.write = origWrite
   }
 
-  expect(errorSpy).toHaveBeenCalled()
-  const output = errorSpy.mock.calls[0][0]
-  expect(output).toContain('No Webex credentials found')
+  expect(stderrOutput).toContain('No Webex credentials found')
 })
 
 test('dm: calls sendDirectMessage with email and text', async () => {

package/src/platforms/webex/commands/snapshot.test.ts

@@ -6,6 +6,8 @@ import { snapshotAction } from './snapshot'
 describe('snapshot command', () => {
   let consoleSpy: ReturnType<typeof spyOn>
   let consoleErrorSpy: ReturnType<typeof spyOn>
+  let stderrOutput: string
+  let origStderrWrite: typeof process.stderr.write
 
   const mockSpaces = [
     { id: 'space-1', title: 'General', type: 'group', isLocked: false, lastActivity: '2024-01-15T00:00:00.000Z', created: '2024-01-01T00:00:00.000Z', creatorId: 'person-1' },
@@ -22,13 +24,22 @@ describe('snapshot command', () => {
   beforeEach(() => {
     consoleSpy = spyOn(console, 'log').mockImplementation(() => {})
     consoleErrorSpy = spyOn(console, 'error').mockImplementation(() => {})
+    stderrOutput = ''
+    origStderrWrite = process.stderr.write
+    process.stderr.write = ((chunk: string | Uint8Array) => {
+      stderrOutput += typeof chunk === 'string' ? chunk : new TextDecoder().decode(chunk)
+      return true
+    }) as typeof process.stderr.write
     spyOn(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient() as any)
     spyOn(WebexClient.prototype, 'listSpaces').mockResolvedValue(mockSpaces as any)
     spyOn(WebexClient.prototype, 'listMessages').mockResolvedValue(mockMessages as any)
     spyOn(WebexClient.prototype, 'listMemberships').mockResolvedValue(mockMembers as any)
   })
 
-  afterEach(() => { mock.restore() })
+  afterEach(() => {
+    process.stderr.write = origStderrWrite
+    mock.restore()
+  })
 
   test('full snapshot includes spaces, recent_messages, members', async () => {
     await snapshotAction({})
@@ -81,9 +92,7 @@ describe('snapshot command', () => {
       process.exit = originalExit
     }
 
-    expect(consoleErrorSpy).toHaveBeenCalled()
-    const output = consoleErrorSpy.mock.calls[0][0]
-    expect(output).toContain('No Webex credentials found')
+    expect(stderrOutput).toContain('No Webex credentials found')
   })
 
   test('passes limit option to listMessages', async () => {

package/src/platforms/webex/commands/space.test.ts

@@ -42,6 +42,8 @@ let clientGetSpaceSpy: ReturnType<typeof spyOn>
 let consoleLogSpy: ReturnType<typeof spyOn>
 let consoleErrorSpy: ReturnType<typeof spyOn>
 let processExitSpy: ReturnType<typeof spyOn>
+let stderrOutput: string
+let origStderrWrite: typeof process.stderr.write
 
 beforeEach(() => {
   clientLoginSpy = spyOn(WebexClient.prototype, 'login').mockResolvedValue(
@@ -58,9 +60,17 @@ beforeEach(() => {
   processExitSpy = spyOn(process, 'exit').mockImplementation((_code?: number) => {
     throw new Error(`process.exit(${_code})`)
   })
+
+  stderrOutput = ''
+  origStderrWrite = process.stderr.write
+  process.stderr.write = ((chunk: string | Uint8Array) => {
+    stderrOutput += typeof chunk === 'string' ? chunk : new TextDecoder().decode(chunk)
+    return true
+  }) as typeof process.stderr.write
 })
 
 afterEach(() => {
+  process.stderr.write = origStderrWrite
   clientLoginSpy?.mockRestore()
   clientListSpacesSpy?.mockRestore()
   clientGetSpaceSpy?.mockRestore()
@@ -139,7 +149,7 @@ describe('listAction', () => {
     await expect(listAction({})).rejects.toThrow('process.exit(1)')
 
     expect(clientListSpacesSpy).not.toHaveBeenCalled()
-    expect(consoleErrorSpy).toHaveBeenCalledWith(expect.stringContaining('No Webex credentials found'))
+    expect(stderrOutput).toContain('No Webex credentials found')
   })
 })
 
@@ -201,6 +211,6 @@ describe('infoAction', () => {
     await expect(infoAction('space-1', {})).rejects.toThrow('process.exit(1)')
 
     expect(clientGetSpaceSpy).not.toHaveBeenCalled()
-    expect(consoleErrorSpy).toHaveBeenCalledWith(expect.stringContaining('No Webex credentials found'))
+    expect(stderrOutput).toContain('No Webex credentials found')
   })
 })

package/src/platforms/webex/credential-manager.ts

@@ -45,7 +45,7 @@ export class WebexCredentialManager {
     const config = await this.loadConfig()
     if (!config) return null
 
-    if (config.tokenType === 'manual') {
+    if (config.tokenType === 'manual' || config.tokenType === 'extracted') {
       return config.accessToken
     }
 

package/src/platforms/webex/ensure-auth.test.ts

@@ -3,11 +3,13 @@ import { afterEach, beforeEach, describe, expect, spyOn, test } from 'bun:test'
 import { WebexClient } from './client'
 import { WebexCredentialManager } from './credential-manager'
 import { ensureWebexAuth } from './ensure-auth'
+import { WebexTokenExtractor } from './token-extractor'
 
 let loadConfigSpy: ReturnType<typeof spyOn>
 let getTokenSpy: ReturnType<typeof spyOn>
 let loginSpy: ReturnType<typeof spyOn>
 let testAuthSpy: ReturnType<typeof spyOn>
+let extractSpy: ReturnType<typeof spyOn>
 
 beforeEach(() => {
   loadConfigSpy = spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
@@ -19,6 +21,7 @@ beforeEach(() => {
     emails: ['test@example.com'],
     type: 'person',
   })
+  extractSpy = spyOn(WebexTokenExtractor.prototype, 'extract').mockResolvedValue(null)
 })
 
 afterEach(() => {
@@ -26,6 +29,7 @@ afterEach(() => {
   getTokenSpy?.mockRestore()
   loginSpy?.mockRestore()
   testAuthSpy?.mockRestore()
+  extractSpy?.mockRestore()
 })
 
 describe('ensureWebexAuth', () => {

package/src/platforms/webex/ensure-auth.ts

@@ -1,18 +1,37 @@
 import { WebexClient } from './client'
 import { WebexCredentialManager } from './credential-manager'
+import { WebexTokenExtractor } from './token-extractor'
 
 export async function ensureWebexAuth(): Promise<void> {
   try {
     const credManager = new WebexCredentialManager()
     const config = await credManager.loadConfig()
-    if (!config) return
 
-    const token = await credManager.getToken(config.clientId, config.clientSecret)
-    if (!token) return
+    if (config) {
+      const token = await credManager.getToken(config.clientId, config.clientSecret)
+      if (token) {
+        const client = new WebexClient()
+        await client.login({ token })
+        await client.testAuth()
+        return
+      }
+    }
+
+    const extractor = new WebexTokenExtractor()
+    const extracted = await extractor.extract()
+    if (!extracted) return
 
     const client = new WebexClient()
-    await client.login({ token })
+    await client.login({ token: extracted.accessToken })
     await client.testAuth()
+
+    await credManager.saveConfig({
+      accessToken: extracted.accessToken,
+      refreshToken: extracted.refreshToken ?? '',
+      expiresAt: extracted.expiresAt ?? 0,
+      tokenType: 'extracted',
+      deviceUrl: extracted.deviceUrl,
+    })
   } catch {
     // Intentionally silent — best-effort preflight that should not block commands
   }

package/src/platforms/webex/index.ts

@@ -1,5 +1,7 @@
 export { WebexClient } from './client'
 export { WebexCredentialManager } from './credential-manager'
+export { WebexTokenExtractor } from './token-extractor'
+export type { ExtractedWebexToken } from './token-extractor'
 export { WebexError } from './types'
 export type {
   WebexConfig,